11 Oct
2022
11 Oct
'22
5:07 p.m.
On Mon, 10 Oct 2022, Serveria Support wrote:
I checked the source code on Github and discussed this with a C developer. There seem to be too many files... perhaps somebody can guide me where should I look? Aki?
You should search for "given password" in the source.
Hint: src/auth/passdb-pam.c, around lines 175-178. src/auth/auth-request.c, around lines 2311-2312.
This is with the latest source (2.3.19.1).
Cheers.
PS: But as I noted, nothing prevents $HACKER from bringing their own dovecot (BYOD :) with all debugging options enabled, etc. As others have noted, if the intruder owns your server, you have lost. Period.